UNWTO has always been a perfect source for all tourism students, experts and academic leaders of tourism management. I have been studying tourism for 9 years, and UNWTO (earlier known as WTO) has been the first door I knock on when I need facts and figures concerning the tourism industry.

So UNWTO has released Tourism Highlights 2010, and it is greater than the others. They have changed the reporting design, and that is a good call, I guess. The report is now easier to digest. But I wish it covered more pages; 12 pages is not enough to summarize the whole year.

Here is the UNWTO explanation of Tourism Highlights 2010:

UNWTO Tourism Highlights presents a concise overview of international tourism in the world based on the results for the year 2009.

The booklet offers statistics and analysis on international tourist arrivals, international tourism receipts, a summary of results by region, major regional destinations by arrivals and receipts, outbound tourism, generating regions as well as the ranking of top tourism destinations by arrivals and receipts, and the top spenders list.

UNWTO has changed the reporting style and the new one is so much better...

Also, some new tourism students might need to know what UNWTO is and how it serves. So here is some brief information about UNWTO:

The World Tourism Organization (UNWTO), a United Nations specialized agency, is the leading international organization with the decisive and central role in promoting the development of responsible, sustainable and universally accessible tourism. It serves as a global forum for tourism policy issues and a practical source of tourism know-how. Its membership includes 154 countries, 7 territories, 2 permanent observers and over 400 Affiliate Members.

Quoted From UNWTO

The first impression from the report is that, due to the financial crisis, international tourist arrivals declined by 4.2% in 2009 to 880 million. I quoted the abstract of Europe's 2009 results below from the report:

Out of all the regions in the world, Europe’s tourism sector, the world’s largest and most mature, has been the hardest hit by the recession. The region, which accounted for 52% of international tourist arrivals and 48% of international tourism receipts in 2009, saw arrivals decrease by 6% to 460 million, while receipts declined 7% in real terms to US$ 413 bn (euro 296 billion).

Destinations in Central and Eastern Europe were particularly badly hit, while results in Western, Southern and Mediterranean Europe were relatively better. Many countries in Central and Eastern Europe have been more severely affected by the economic recession and are finding the return to growth more difficult. Overall, arrivals in the subregion are estimated to have fallen by 10%.

Nevertheless, a few European destinations still succeeded in posting positive results: Hungary (+3%), Sweden (+3%), Turkey (+2%) and Italy (+1%). Various other European destinations with easy access over land from nearby markets, such as Croatia (-1%), the Netherlands (-2%), Germany (-3%), Austria (-3%) and Switzerland (-4%), also did better than the region’s average. Among the more affected in 2009 were destinations within the euro area and with a marked reliance on the UK source market such as Cyprus (-11%) and Spain (-9%), which suffered the impact of a historically weak UK pound. France, the world’s first destination by arrivals, and Greece (both -6%) just matched the trend for the region.

Quoted From UNWTO

UNWTO Tourism Highlights 2010 can be downloaded as a PDF. As every year, there are two versions of the PDF file: one is low resolution (759Kb) and the other is high resolution (3Mb). Here are the direct links:

Microsoft has detected a vulnerability in ASP.NET that allows attackers to view data, such as the View State, which was encrypted by the target server, or to read data from files on the target server, such as web.config.

This vulnerability has been detected in all ASP.NET versions, and a patch has not been released for it yet. Instead, Microsoft decided to cover this security vulnerability with a precaution (workaround).

You can reach the official Microsoft advisory for this issue from the link below:

This is an information disclosure vulnerability. An attacker who successfully exploited this vulnerability could read data, such as the View State, which was encrypted by the server. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.

This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server.

Is this a security vulnerability that requires Microsoft to issue a security update?

Microsoft is currently working to develop a security update to address this vulnerability. Microsoft will release the security update once it has reached an appropriate level of quality for broad distribution.

What causes this threat?

The ASP.NET use of encryption padding provides information in error responses that can be used by an attacker to read and tamper with the encrypted data.

What might an attacker use this vulnerability to do?

An attacker who successfully exploited this vulnerability would be able to read data, such as the View State, which was encrypted by the server. This data may also be tampered with by the attacker. If tampered with, the attacker could send this data back to the server and observe the error codes returned by the server. By observing these error codes, an attacker could gain enough information to decrypt and tamper with the encrypted data.

An attacker who successfully exploited this vulnerability could also read data from files on the target server, such as web.config, which the worker process identity already has access to.

Can I create a custom 404 page and a default redirect for all other errors to help protect against this issue?

No. An attacker could still draw a distinction between a 404 error and other errors. Homogenizing errors is a crucial component to help protect against this attack.
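
A check for the error-homogenization point in the last answer, as an added example (not part of the Microsoft advisory or the original post): it parses a web.config and reports any `customErrors` setting that leaves a 404 distinguishable from other errors. The two sample configurations are constructed, and `audit_custom_errors` is a hypothetical helper name; the attribute names are those of the standard ASP.NET `customErrors` section.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the setup the FAQ rejects (a dedicated 404 page plus a
# default redirect for all other errors).
WEAK = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/notfound.html" />
  </customErrors>
</system.web></configuration>"""

# Constructed sample: every error is sent to the same page.
HOMOGENIZED = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html" />
</system.web></configuration>"""


def _local(tag):
    """Strip an XML namespace so files with xmlns on <configuration> still match."""
    return tag.rsplit("}", 1)[-1]


def audit_custom_errors(web_config_xml):
    """Return a list of findings; an empty list means errors are homogenized."""
    root = ET.fromstring(web_config_xml)
    # <location> blocks can carry their own <customErrors>, so check all of them.
    sections = [el for el in root.iter() if _local(el.tag) == "customErrors"]
    if not sections:
        return ["no <customErrors> section: ASP.NET default error pages are served"]
    findings = []
    for ce in sections:
        mode = ce.get("mode", "RemoteOnly")  # RemoteOnly is the ASP.NET default
        if mode.lower() == "off":
            findings.append("mode=Off: detailed errors reach remote clients")
        default = ce.get("defaultRedirect")
        if not default:
            findings.append("defaultRedirect missing: no common error page")
        for err in (c for c in ce if _local(c.tag) == "error"):
            target = err.get("redirect")
            if target != default:
                findings.append(
                    "statusCode=%s goes to %s, not the default page: "
                    "error types stay distinguishable"
                    % (err.get("statusCode"), target))
    return findings


if __name__ == "__main__":
    for name, xml in (("weak", WEAK), ("homogenized", HOMOGENIZED)):
        print(name, audit_custom_errors(xml) or "OK")
```
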

Umit Ilhan's new website http://www.umitilhan.org/ went online today. The website design looks pretty amazing, and I am sure we will see some good stuff on that website, although I am a little disappointed that none of the .NET Framework stuff has been used for the website.